[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] Merging XenStore+MAC

Hi James,

On Mon, Sep 8, 2014 at 11:23 PM, James Bielman <jamesjb@xxxxxxxxxx> wrote:
Hi all,

I'm doing some investigation into what it will take to merge our XenStore mandatory access control patches into the latest Mirage XenStore code base. My plan is to first submit a proposed interface for security modules to XenStore, pushing as much as possible into the external Flask module to keep the patch size down.

After some time looking at the Irmin-based Xenstore, I have a few questions:

- Is the repository at https://github.com/mirage/ocaml-xenstore-server the one I should be tracking, or is there a development repository?

Yes, that's the latest one. Note it's not in a fully working state-- when integrating irmin I unhooked a bunch of stuff so that I could refactor the core more quickly. The following features are (temporarily) unhooked:

- interdomain rings (unix domain socket still works)
- ACLs
- watches
- Xen kernel build

Now that the irmin core is working it's probably time to start re-adding these.

If you had complete freedom, what would your ideal interface be?
- I've been unable to compile a standalone Xen kernel because "mirage-xen" wants to install "xenstore" via OPAM, which conflicts with "ocaml-xenstore-server". Should that be working? Do I need to update to Mirage 2.x?

Ideally I'd like to remove the dependency between mirage-xen and xenstore-- it's currently needed by the suspend/resume code but it complicates the build of the Xen xenstore kernel.

The current version of irmin depends on core_kernel, which we need to make sure will work in a Xen environment -- there may be a stray C binding needed.

For the moment I've been testing via the unix domain socket and had been planning to recreate the kernel version later. Does this work for you?
- I see some code that appears to support mounting virtual trees of some sort (in server/mount.ml), but it doesn't seem to be used currently? One feature I need to do this integration is a virtual "/label" tree for reading/writing nodes security labels. What is the best way to implement a virtual subtree like this currently?

Ah yeah, that's been unhooked too. I need to hook it back in. Would your tree be entirely virtual or would you want to write-through to irmin beneath?
- Likewise, I see code doing DAC checks in some modules, but those modules don't appear to be included in the build. Am I missing something or is the current version not performing access checks? Perhaps because the interdomain transport isn't being used?

That's right -- it's certainly not in a production-ready state! The irmin bits are working quite nicely though :-)

Dave Scott
MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.